Hi, Maybe I missed something somewhere, but it looks to me like Geo-Location Processor only tries to resolve the sender address of the message, and not any fields like stated in the description
"scans all fields of every message for IPv4 addresses" On a graylog-beta-2.0.0-beta.1-1.ova I just enabled the Plugin under configuration and added the DB file from Maxmind. Graylog Settings: Geo-Location Processor If enabled, the GeoIP processor plugin scans all fields of every message for IPv4 addresses and puts the location information into a field named fieldname_geolocation where "fieldname" is the name of the field in which an IP address has been found. Enabled: yes Database type: City database Database path: /etc/graylog/GeoLite2-City.mmdb root@graylog-beta:~# ll /etc/graylog/GeoLite2-City.mmdb -rw-rw-r-- 1 root root 36745923 Mar 29 08:05 /etc/graylog/GeoLite2-City.mmdb when i send a sample msg line into Graylog: root@graylog-beta:~# echo '8.8.8.8 - test message' | ncat -w1 -u 127.0.0.1 51 With Subystem Indexer Logging set to Debug i get this: 2016-04-01_07:21:22.17052 2016-04-01 07:21:22,159 DEBUG: org.graylog.plugins .map.geoip.GeoIpResolverEngine - Could not get location from IP 127.0.0.1 2016-04-01_07:21:22.17079 com.maxmind.geoip2.exception. AddressNotFoundException: The address 127.0.0.1 is not in the database. 2016-04-01_07:21:22.17149 at com.maxmind.geoip2.DatabaseReader.get( DatabaseReader.java:161) ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 2016-04-01_07:21:22.17230 at com.maxmind.geoip2.DatabaseReader.city( DatabaseReader.java:217) ~[graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 2016-04-01_07:21:22.17284 at org.graylog.plugins.map.geoip. GeoIpResolverEngine.extractGeoLocationInformation(GeoIpResolverEngine.java: 100) [graylog-plugin-map-widget-1.0.0-beta.1.jar:?] 2016-04-01_07:21:22.17429 at org.graylog.plugins.map.geoip. GeoIpResolverEngine.filter(GeoIpResolverEngine.java:74) [graylog-plugin-map- widget-1.0.0-beta.1.jar:?] 2016-04-01_07:21:22.17572 at org.graylog.plugins.map.geoip.processor. GeoIpProcessor.process(GeoIpProcessor.java:79) [graylog-plugin-map-widget- 1.0.0-beta.1.jar:?] 2016-04-01_07:21:22.17587 at org.graylog2.buffers.processors. ServerProcessBufferProcessor.handleMessage(ServerProcessBufferProcessor.java :56) [graylog.jar:?] 2016-04-01_07:21:22.17656 at org.graylog2.shared.buffers.processors. ProcessBufferProcessor.dispatchMessage(ProcessBufferProcessor.java:82) [ graylog.jar:?] 2016-04-01_07:21:22.18244 at org.graylog2.shared.buffers.processors. ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:61) [graylog.jar :?] 2016-04-01_07:21:22.18651 at org.graylog2.shared.buffers.processors. ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:35) [graylog.jar :?] 2016-04-01_07:21:22.18660 at com.lmax.disruptor.WorkProcessor.run( WorkProcessor.java:139) [graylog.jar:?] 2016-04-01_07:21:22.18663 at com.codahale.metrics. InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory .java:66) [graylog.jar:?] 2016-04-01_07:21:22.18665 at java.lang.Thread.run(Thread.java:745) [?: 1.8.0_74] Regards Micha -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/908b3309-0a13-4fff-8c77-664af336d4a0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
